982 matches found
[SECURITY] Fedora 21 Update: php-Smarty-3.1.21-1.fc21
Although Smarty is known as a "Template Engine", it would be more accurately described as a "Template/Presentation Framework." That is, it provides the programmer and template designer with a wealth of tools to automate tasks commonly dealt with at the presentation layer of an application. I stre...
Avoiding the Dark Security Future
LAS VEGAS—Nick Percoco has been thinking a lot about the future of technology, and some of the things he’s dreamed up aren’t very pretty: farms of people renting out their spare brain cycles, autonomous cars that freak out and careen into oncoming traffic and hacking groups hijacking users’...
Jeremy Rowley on the Facebook Tor Cert & the Future of PKI
Dennis Fisher talks with Jeremy Rowley of DigiCert about the company’s decision to issue a certificate for Facebook’s .onion site, the challenge of key protection in today’s environment and what the near future holds for PKI. Download: digitalunderground170.mp3 Music by Chris Gonsalves...
Yahoo Confirms Infected Servers Unrelated to Shellshock
Yahoo CISO Alex Stamos refuted claims made by a Louisiana security company that a number of Yahoo servers had been compromised by Romanian hackers using Shellshock exploits against the vulnerability in Bash. Stamos said three Yahoo Sports API servers were infected with malware by hackers looking...
SearchMyFiles v2.50 - Alternative to 'Search For Files And Folders' module of Windows + Duplicates Search
SearchMyFiles is an alternative to the standard "Search For Files And Folders" module of Windows. It allows you to easily search files in your system by wildcard, by last modified/created/last accessed time, by file attributes, by file content text or binary search, and by the file size...
Future Internet index.cfm Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21727/info Future Internet is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could...
Future Internet index.cfm categoryId Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21727/info Future Internet is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could...
Killer Protection 1.0 Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5905/info The Killer Protection PHP script is prone to an information-disclosure issue. Reportedly, unauthorized users can access sensitive user data by requesting the 'vars.inc' file in a malicious HTTP request. Exploiti...
FloosieTek FTGatePro 1.2 WebAdmin Interface Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/8578/info A weakness has been reported in the FTGatePro WebAdmin Interface that could allow an unauthorized user to gain sensitive information. The problem is believed to occur due to insufficient access controls put in...
CuteNews 1.3 Debug Query Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/9130/info An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the...
Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an ECHO command in quotes, and as a result shell expansion of the character ca...
Yahoo!: Yahoo! Reflected XSS
Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...
Embracing the Cloud's Potential for Security
I spoke recently at TIA's Network of the Future conference. At the session, which was heavier on vendors than operators, the discussion was very focused on the cloud. Everyone wants to know what's coming next and if they're ready for it...
Al Qaeda Homegrown Encryption Likely Aids NSA Intelligence
Terrorist organization Al Qaeda has reportedly stepped up its development of homegrown encryption technology since the Edward Snowden leaks began last June. The question puzzling some security experts is: Why? “This is hard, and the odds they are doing it correctly are low,” said cryptographer an...
Yahoo!: http://us.rd.yahoo.com/
Thank you for your submission to Yahoo’s Bug Bounty program. While we recognize the effort that you put into the research and writing of a report for us to evaluate, we will take your report into consideration for any future releases. We appreciate your adherence to responsible disclosure...
NSF Awards $15m for New Secure Internet Architecture
The National Science Foundation (NSF) is awarding $15 million in grants for the development, deployment and testing of future Internet architectures that are designed to enhance security, respond to emerging service challenges, and increase scalability. In 2010, the NSF Directorate for Computer and...
Meetup.com Back Online After DDoS Attacks, Extortion
Social networking site Meetup.com is finally back online today, yet officials at the site are warning it could still face future outages following a series of sustained distributed denial of service (DDoS) attacks over the weekend. Meetup is a social networking portal that allows individuals with...
Yahoo!: Yahoo mail login page bruteforce protection bypass
Thank you for your submission to Yahoo’s Bug Bounty program. While we recognize the effort that you put into the research and writing of a report for us to evaluate, we will take your report into consideration for any future releases. We appreciate your adherence to responsible disclosure...
Yahoo!: Vulnerability found, XSS (Cross site Scripting)
Thank you for your submission to Yahoo’s Bug Bounty program. While we recognize the effort that you put into the research and writing of a report for us to evaluate, but unfortunately this bug has already been reported to us. We appreciate your adherence to responsible disclosure guidelines and...
Yahoo!: XSS using yql and developers console proxy
Thank you for your submission to Yahoo’s Bug Bounty. While we recognize the effort that you put into the research and writing of a report for us to evaluate, we found this report to be a duplicate of another. We appreciate your adherence to responsible disclosure guidelines and look forward to yo...